Hi ,
Any updates on this case ? Kindly let me know. Thanks.
BR//
Sargu
On Sat, Jul 7, 2018 at 1:10 PM, Sargunan <xcodehawk_at_gmail.com> wrote:
> Hi Philip ,
>
> Thank you so much.
> I am trying to setup opendkim in my company's MTA ( postfix 3.1.0 , Ubuntu
> 16.04 , opendkim & opendkim tools 2.10.3). After configuring seems
> like the opendkim not signing the mails sent by the postfix. As i am quite
> new to this , not too sure about fixing it. Seeking your advice. Below are
> my configs and logs.
> Appreciate very much . Thanks again.
>
> postfix's main.cf
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> compatibility_level = 2
> inet_interfaces = all
> inet_protocols = all
> mailbox_size_limit = 0
> milter_default_action = accept
> milter_protocol = 6
> mydestination = $myhostname, m239.mydomain.my, localhost.mydomain.my, , localhost
> myhostname = m239.mydomain.my
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> non_smtpd_milters = local:/opendkim/opendkim.sock
> readme_directory = no
> recipient_delimiter = +
> relayhost =
> smtp_generic_maps = hash:/etc/postfix/generic
> smtp_tls_security_level = encrypt
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
> smtpd_milters = local:/opendkim/opendkim.sock
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
> smtpd_tls_cert_file = /etc/ssl/certs/mydomainWildcardBundle2018to2020.crt
> smtpd_tls_key_file = /etc/ssl/private/mydomain.key
> smtpd_tls_security_level = encrypt
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
>
>
>
> opendkim.conf
>
> root_at_m239:/etc/opendkim/keys# cat /etc/opendkim.conf
> # This is a basic configuration that can easily be adapted to suit a standard
> # installation. For more advanced options, see opendkim.conf(5) and/or
> # /usr/share/doc/opendkim/examples/opendkim.conf.sample.
>
> # Log to syslog
> Syslog yes
> SyslogSuccess Yes
> LogWhy Yes
> # Required to use local socket with MTAs that access the socket as a non-
> # privileged user (e.g. Postfix)
> UMask 002
> # OpenDKIM user
> # Remember to add user postfix to group opendkim
> UserID opendkim
>
> # Map domains in From addresses to keys used to sign messages
> KeyTable /etc/opendkim/key.table
> SigningTable refile:/etc/opendkim/signing.table
>
> # Hosts to ignore when verifying signatures
> ExternalIgnoreList /etc/opendkim/trusted.hosts
> InternalHosts /etc/opendkim/trusted.hosts
>
> # Commonly-used options; the commented-out versions show the defaults.
> Canonicalization relaxed/simple
> Mode sv
> SubDomains no
> #ADSPAction continue
> AutoRestart yes
> AutoRestartRate 10/1M
> Background yes
> DNSTimeout 5
> SignatureAlgorithm rsa-sha256
>
> # Always oversign From (sign using actual From and a null From to prevent
> # malicious signatures header fields (From and/or others) between the signer
> # and the verifier. From is oversigned by default in the Debian package
> # because it is often the identity key used by reputation systems and thus
> # somewhat security sensitive.
> OversignHeaders From
>
> mail.log
>
> Jul 6 17:02:49 m239 postfix/pickup[3580]: 206CE220FE6: uid=0 from=<root_at_m239.mydomain.my>
> Jul 6 17:02:49 m239 postfix/cleanup[3586]: 206CE220FE6: message-id=<20180706090249.206CE220FE6_at_m239.mydomain.my>
> Jul 6 17:02:49 m239 opendkim[3422]: 206CE220FE6: no signing table match for 'root_at_m239.mydomain.my'
> Jul 6 17:02:49 m239 opendkim[3422]: 206CE220FE6: no signature data
> Jul 6 17:02:49 m239 postfix/qmgr[3581]: 206CE220FE6: from=<root_at_m239.mydomain.my>, size=389, nrcpt=1 (queue active)
> Jul 6 17:02:50 m239 postfix/smtp[3588]: 206CE220FE6: to=<xcodehawk_at_gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.68.27]:25, delay=1.3, delays=0.01/0/0.86/0.41, dsn=2.0.0, status=sent (250 2.0.0 OK 1530867770 r14-v6si7593888pgl.490 - gsmtp)
> Jul 6 17:02:50 m239 postfix/qmgr[3581]: 206CE220FE6: removed
>
> /etc/opendkim/key.table
>
> root_at_m239:/etc/opendkim# cat key.table
> mydomain mydomain:/etc/opendkim/keys/mydomain.private
> root_at_m239:/etc/opendkim#
>
> /etc/opendkim/signing.table
>
> root_at_m239:/etc/opendkim# cat signing.table
> *_at_mydomain.my mydomain
> root_at_m239:/etc/opendkim#
>
> /etc/opendkim/trusted/hosts
>
> root_at_m239:/etc/opendkim# cat trusted.hosts
> 127.0.0.1
> ::1
> localhost
> m239m239.mydomain.my
> mydomain.my
>
> Reference article :
> https://www.linode.com/docs/email/postfix/configure-spf-
> and-dkim-in-postfix-on-debian-8/
>
>
> On Sat, Jul 7, 2018 at 3:56 AM, Philip <philip_at_treads.nz> wrote:
>
>> It sure is - Ask away.
>>
>>
>> On 06/07/2018 21:50, Sargunan wrote:
>>
>>> Hello ,
>>>
>>> I would like to know if this is the right place to get support on
>>> opendkim installation/congifuration issues?
>>>
>>>
>>> BR//
>>> Sargu
>>>
>>
>>
>
Received on Tue Jul 10 2018 - 02:37:53 PST